May 02 2023

CISA adds TP-Link, Apache, and Oracle bugs to its Known Exploited Vulnerabilities catalog

Category: CISA, Security vulnerabilities | DISC @ 10:00 am

US Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link, Apache, and Oracle vulnerabilities to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog:

CVE-2023-1389 (CVSS score: 8.8) – TP-Link Archer AX-21 Command Injection Vulnerability. The CVE-2023-1389 flaw is an unauthenticated command injection vulnerability that resides in the locale API of the web management interface of the TP-Link Archer AX21 router. The root cause of the problem is the lack of input sanitization in the locale API that manages the router's language settings. A remote attacker can trigger the issue to inject commands that are then executed on the device.

The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event. Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security.

The Zero Day Initiative (ZDI) threat-hunting team recently reported that the Mirai botnet is attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8) in TP-Link Archer AX21 Wi-Fi routers.

Tags: US Cybersecurity and Infrastructure Security Agency